Aruba Networks and Avaya enterprise switches face potential risks due to significant vulnerabilities (CVEs)
In a recent discovery, researchers from Armis have uncovered critical vulnerabilities in enterprise-grade routers and switches from HPE unit Aruba Networks and Extreme Networks' Avaya unit. These network devices, often overlooked when examining the security posture of organizations, pose a significant risk due to their role as the backbone of corporate networks.
The vulnerabilities, collectively known as TLStorm 2.0, are similar to the Heartbleed bug that affected the OpenSSL cryptography library in 2014. An attacker could potentially gain remote code execution on millions of devices and, by changing the switch behavior, move laterally to other devices. This could allow an attacker to exfiltrate data from the internal network through these vulnerable switches.
HPE and Extreme Networks have been collaborating with the researchers, and there is no evidence of attacks in the wild. In the interim, HPE is advising customers using affected products to implement firewall controls for protection. HPE is also working on a firmware update to address the vulnerability in a limited number of switch models and firmware versions.
The affected Aruba and Extreme Networks products, all of which use NanoSSL, include Aruba Instant On access points, Aruba 2930F and 3810 switches, and several Extreme Networks Summit and BlackDiamond switch models. Firmware updates have been released to address the issues.
Barak Hadad, head of research at Armis, stated that routers and switches pose a significant risk due to their role as the backbone of corporate networks. These network switching devices are commonly used across hospitals, hotels, airports, and other organizations.
Despite their role in enforcing network segmentation, these devices are frequently disregarded in security assessments, because they are rarely considered when examining the security posture of organizations.
HPE is not currently aware of any exploitation involving Aruba customers. Extreme Networks has shared information for customers to implement firmware upgrades. The disclosures stem from the March discovery of similar vulnerabilities, called TLStorm, in APC Smart-UPS devices. The root cause of the vulnerabilities is the misuse of NanoSSL, a popular TLS library from Mocana.
Organizations are urged to update their devices as soon as possible to mitigate the risks associated with these vulnerabilities. It is essential to prioritize the security of all network devices, not just the more visible ones.